Professors Bernstein and Lange

Cryptography is an essential building block in securing our current systems from online banking and secure messaging to state secrets and military communications. Internally, most of these systems rely critically on the security of just a few mathematical problems, namely factorization of large integers and computation of discrete logarithms on elliptic curves or finite fields. These problems are well studied and generally accepted to be hard, meaning that the best known methods to break them take super-polynomial time.

However, quantum computers can execute additional operations which cause these mathematical problems to be solved with ease: breaking them will take only polynomial time, once a sufficiently large quantum computer has been built. At this point, building large, scalable quantum computers is still a research problem but progress is steady and a future in which they exist is almost a certainty. Researchers in academia, industry, and governments are busy working on post-quantum cryptography, cryptography in the security model where the attacker has access to a quantum computer, and current efforts are bundled by NIST's post-quantum project. Standardization is expected in 4-6 years. This is still likely to beat the onset of large quantum computers, so why are we too late? The first reason is that it takes a long time to get from a standard to deployed systems, which have to go through implementation, development, and certification, and even when the first systems supporting post-quantum cryptography are out, it will still be necessary to support pre-quantum systems in legacy applications. The second reason is that many players record today's encrypted communication in the hope to later decrypt it -- and if those players get access to a quantum computer they will actually be able to decrypt. This means that all of today's communication will need to be considered compromised the moment a quantum computer exists. This is a problem for communications with long-term confidentiality requirements such as trade secrets, legal proceedings, and other private data.